Passport user authentication
1. Design
1.1 Business Process
- Functions that come before the shopping cart do not need to check whether the user is logged in
- Functions that come after the shopping cart require the user to be logged in, and the login check must pass
- In the shopping cart itself the login state must be checked, but if the check fails the user can still continue (the program executes another branch)
1.2 Evolution of the three login designs
- session sharing
- token
- certification center
1.3 Design of the certification center
1 Issue a pass (token) to the user
2 Verify the authenticity of the token (carried by the user's request) that other business functions receive
2. Code implementation
2.1 Integration of Certification Center
1 Bring in the static resources of the certification center
2 Add the URL of the certification center to the login link on the search module page
3 Add a test settlement function (the real settlement function is in the dd module)
4 Add an interceptor in web-util, so that all requests to the web modules are intercepted by it
5 Add the interceptor
6 Add the class that integrates (registers) the interceptor
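    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
    // AuthInterceptor is the interceptor added in web-util; import it from its own package.

    @Configuration
    public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
        @Autowired
        AuthInterceptor authInterceptor;

        // Register the interceptor for every path; which methods are actually
        // checked is decided inside the interceptor.
        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            registry.addInterceptor(authInterceptor).addPathPatterns("/**");
            super.addInterceptors(registry);
        }
    }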
7 Some methods go through the interceptor and some do not.
Besides controlling this by whether or not the web module scans the interceptor,
you can also use an annotation to mark whether a specific method needs to pass the interceptor:
@LoginRequired
- The first type of method: methods that do not need to be intercepted. They carry no @LoginRequired annotation and are let through directly.
- The second type of method: methods that need to be intercepted, but that can still be accessed when the verification fails (the user has not logged in or the login has expired), for example all the methods in the shopping cart. They carry @LoginRequired(loginSuccess=false).
- The third type of method: methods that need to be intercepted and can only be accessed when the verification passes (the user has logged in successfully). They carry @LoginRequired(loginSuccess=true).
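The three-way decision described above, as an added example (not the project's own interceptor), written in plain Java without Spring so it runs on its own. The controller method names, the Decision enum, the default value of loginSuccess and the tokenValid predicate standing in for the certification center's token check are assumptions.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.function.Predicate;

public class LoginRequiredDemo {
    // Must be RUNTIME-retained: otherwise reflection finds no annotation
    // and every method silently falls into the "let through" type.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface LoginRequired {
        boolean loginSuccess() default true; // assumed default: fail closed
    }

    enum Decision { PASS_UNCHECKED, PASS_AS_USER, PASS_AS_GUEST, REDIRECT_TO_LOGIN }

    // Hypothetical controller with one method of each type.
    static class DemoController {
        public void search() {}
        @LoginRequired(loginSuccess = false) public void cartList() {}
        @LoginRequired(loginSuccess = true) public void toTrade() {}
    }

    // The decision an interceptor's preHandle would make for one handler method.
    // tokenValid stands in for asking the certification center to verify the token.
    static Decision decide(Method handler, String token, Predicate<String> tokenValid) {
        LoginRequired rule = handler.getAnnotation(LoginRequired.class);
        if (rule == null) {
            return Decision.PASS_UNCHECKED;      // type 1: the token is not looked at
        }
        boolean ok = token != null && !token.isEmpty() && tokenValid.test(token);
        if (ok) {
            return Decision.PASS_AS_USER;        // types 2 and 3 with a verified token
        }
        return rule.loginSuccess()
                ? Decision.REDIRECT_TO_LOGIN     // type 3: stop the request
                : Decision.PASS_AS_GUEST;        // type 2: continue on the anonymous branch
    }

    public static void main(String[] args) throws Exception {
        Predicate<String> center = t -> t.equals("constructed-valid-token"); // constructed verifier
        String[] tokens = { null, "forged", "constructed-valid-token" };
        for (String name : new String[] { "search", "cartList", "toTrade" }) {
            Method m = DemoController.class.getMethod(name);
            for (String token : tokens) {
                System.out.printf("%-8s token=%-23s -> %s%n", name, token, decide(m, token, center));
            }
        }
    }
}
```

Only the third type ever produces a redirect to the login page; a missing or forged token on a second-type method continues as a guest, so such methods must not trust any user identity taken from the request.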